Https Response Status Code.

[Shamsudin MH]

Hi 

I want to store the status code in my database 

you can suggest me either in ZAP API UI  or Java Code.

Regards

Shamsudin

[psiinon]

Hi Shamsudin,

I'm not really sure what you are asking for :/

Can you explain in a bit more detail?

Cheers,

Simon

[Shamsudin MH]

Hi Simon

Hope your fine.

 I asked whether there was any way to acquire the HTTP status code.

For example, if I use the API anonymously reachable on active scan, if i  receive a "200" response. So I'd like to store those.. Make it as an High ALERT.

I can see those running on the Zap console, but I'm not sure where they're being stored.  

Regards

Shamsudin

--
You received this message because you are subscribed to the Google Groups "ZAP Developer Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-devel...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/zaproxy-develop/e664c4bc-1035-4678-9647-735b81758c35n%40googlegroups.com.

[psiinon]

HI Shamsudin,

The message IDs related to the active scan can be accessed via https://www.zaproxy.org/docs/api/#ascanviewmessagesids

You can then read those messages via https://www.zaproxy.org/docs/api/#coreviewmessagesbyid

However I'd have thought that an HttpSender script might be better for you: https://github.com/zaproxy/community-scripts/tree/main/httpsender

You can first check that it is from the ACTIVE_SCANNER_INITIATOR and then check the response code.

This script does something similar, including raising an alert: https://github.com/zaproxy/community-scripts/blob/main/httpsender/Alert%20on%20HTTP%20Response%20Code%20Errors.js

Cheers,

Simon

[Shamsudin MH]

Thank ;you   Simon

To view this discussion on the web, visit https://groups.google.com/d/msgid/zaproxy-develop/6459fa1c-c457-4939-a7c6-5b6007c5279an%40googlegroups.com.